Magento Open Source 2.1.x


Establishes the location of OAuth credentials and redirectA method used to alert browsers and search engines that a page has been moved. 301 Redirect: Permanent change 302 Redirect: Temporary change URL for third-party integrations, and identifies the available API resources that are needed for the integration.


Onboarding Workflow

  • Authorize the integration. Go to the system/integration screen, find the relevant integration, and authorize.

    Verify and establish login. When prompted, accept the access requested. If redirected to a third-party, log in to the system, or create a new account. After a successful login, you return to the integration page.

    Receive confirmation of authorized integration. The system sends notification that the integration has been authorized successfully. After setting up an integration and receiving the credentials, it is no longer necessary to make calls to access or request tokens.

To add a new integration:

On the Admin sidebar, tap System. Then under Extensions, choose Integrations.

Enter the following Integration Info:

Enter the Name of the integration, and the contact Email address.

Enter the Callback URL where OAuth credentials can be sent when using OAuth for token exchange. We strongly recommend using https://.

Enter the Identity Link URL to redirect the users to a third-party account with these Magento integration credentials.

New Integration

In the panel on the left, choose API. Then, do the following:

Set Resource Access to one of the following:

  • All
  • Custom

For custom access, mark the checkbox of each resource that is needed:

Resources Needed for Custom Access

When complete, tap Save.

To change the API guest access security setting:

By default, the system does not permit anonymous guest access to CMS, catalog, and other store resources. If you need to change the setting, do the following:

On the Admin sidebar, tap Stores. Then under Settings, choose Configuration.

In the panel on the left under Services, choose Magento Web API.

Expand the Web API Security Setting section.

Web API Security

Set Allow Anonymous Guest Access to “Yes,”

When complete, tap Save Config.

To learn more, see: “Restricting access to  anonymous web  APIs” in the Magento developer documentation.